Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest

From: Andy Lutomirski
Date: Fri Feb 12 2021 - 14:48:11 EST

Next message: Arnd Bergmann: "Re: [PATCH net-next] misc: Add Renesas Synchronization Management Unit (SMU) support"
Previous message: Daniel Jordan: "Re: [PATCH v2] cpu/hotplug: wait for cpuset_hotplug_work to finish on cpu onlining"
In reply to: Dave Hansen: "Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest"
Next in thread: Sean Christopherson: "Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Feb 5, 2021 at 3:39 PM Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> wrote:
>
> From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
>
> The TDX module injects #VE exception to the guest TD in cases of
> disallowed instructions, disallowed MSR accesses and subset of CPUID
> leaves. Also, it's theoretically possible for CPU to inject #VE
> exception on EPT violation, but the TDX module makes sure this does
> not happen, as long as all memory used is properly accepted using
> TDCALLs.

By my very cursory reading of the TDX arch specification 9.8.2,
"Secure" EPT violations don't send #VE. But the docs are quite
unclear, or at least the docs I found are. What happens if the guest
attempts to access a secure GPA that is not ACCEPTed? For example,
suppose the VMM does THH.MEM.PAGE.REMOVE on a secure address and the
guest accesses it, via instruction fetch or data access. What
happens?

Next message: Arnd Bergmann: "Re: [PATCH net-next] misc: Add Renesas Synchronization Management Unit (SMU) support"
Previous message: Daniel Jordan: "Re: [PATCH v2] cpu/hotplug: wait for cpuset_hotplug_work to finish on cpu onlining"
In reply to: Dave Hansen: "Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest"
Next in thread: Sean Christopherson: "Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]